How to Pass Oracle OCI Foundations (1Z0-1085-25) in 2026: Complete Study Guide

# How to Pass Oracle OCI Foundations (1Z0-1085-25) in 2026: Complete Study Guide If you are new to Oracle Cloud Infrastructure or to cloud computing in general, the OCI Foundations exam (1Z0-1085-25) is the ideal starting point. This certification validates that you understand how OCI is structured, what its core services do, and how security and governance are managed at a fundamental level. You do not need hands-on experience to pass this exam, though some familiarity with cloud concepts helps. This guide gives you everything you need to prepare, from the domain breakdown to a concrete 3-week study plan. --- ## Exam Format at a Glance | Detail | Value | |---|---| | Exam code | 1Z0-1085-25 | | Price | $245 USD | | Number of questions | 60 questions | | Time limit | 85 minutes | | Passing score | 68% (approximately 41/60) | | Difficulty | Easy | | Format | Multiple choice, multiple select | | Delivery | Pearson VUE (online or test center) | The OCI Foundations exam is classified as "easy" — it tests conceptual knowledge and service awareness, not deep architectural design. If you have passed AWS Cloud Practitioner or Azure Fundamentals, this exam is at a similar level. --- ## Domain Breakdown | Domain | Topic | Approx. Weight | |---|---|---| | Domain 1 | Getting Started with OCI | 20% (~12 questions) | | Domain 2 | Core OCI Services | 35% (~21 questions) | | Domain 3 | Security Services | 25% (~15 questions) | | Domain 4 | Governance and Administration | 20% (~12 questions) | Domain 2 (Core Services) is the largest domain and covers compute, networking, storage, and database basics. Domain 3 (Security) is heavily weighted and often surprises candidates who focus only on services. --- ## Domain 1: Getting Started with OCI ### OCI Physical and Logical Structure **Regions:** OCI is available in multiple geographic regions worldwide. Each region is independent with its own infrastructure. When you provision resources, you choose the region. Examples: US East (Ashburn), EU West (Frankfurt), AP Tokyo. **Availability Domains (ADs):** Within a region, there may be one to three ADs. Commercial regions typically have three ADs. ADs are isolated from each other — a failure in one AD does not affect others. Resources like compute instances are provisioned in a specific AD. **Fault Domains (FDs):** Each AD contains three Fault Domains — hardware groupings that share no single point of failure (power, cooling, network switch). For high availability within an AD, spread instances across FDs. **AD-local vs. regional resources:** Some resources are AD-scoped (compute instances, block volumes). Others are regional (subnets, load balancers). Regional resources span all ADs in a region, providing inherent resilience. ### OCI Free Tier OCI offers two types of free access: **Always Free:** A permanent set of resources available at no cost, no expiry: - 2x AMD micro VMs (1/8 OCPU, 1 GB RAM each) - 4x Arm Ampere A1 instances (up to 4 OCPUs and 24 GB RAM total) - Autonomous Database (ATP and ADW) — 2 databases, 20 GB each - Object Storage — 20 GB Standard tier - 10 GB Block Volume storage **Free Trial ($300 credit):** - $300 in OCI credits - Valid for 30 days - Access to all OCI services (not limited to Always Free resources) - After 30 days or credit exhaustion, resources that are not Always Free are terminated unless you upgrade to a paid account --- ## Domain 2: Core OCI Services ### Compute **Instance types:** - **Virtual Machines (VM)**: share physical hardware with hypervisor. Flexible shapes let you customize OCPU and memory. - **Bare Metal (BM)**: dedicated physical server, no hypervisor. For high-performance or isolation-requiring workloads. - **Container instances**: run containers without managing Kubernetes. **OCPU:** Oracle Compute Unit. 1 OCPU = 1 physical core (2 vCPUs via hyper-threading on most shapes). **Flexible shapes:** You specify the exact number of OCPUs and amount of RAM (within shape limits). Example: VM.Standard.E4.Flex. **Compute Images:** Pre-built OS images. Oracle-provided images include Oracle Linux, Ubuntu, Windows. Custom images can be created from running instances. ### Networking (VCN Basics) **VCN (Virtual Cloud Network):** Your private network in OCI. You define the IP address range (CIDR block), create subnets, and configure gateways. **Subnets:** Subdivisions of the VCN CIDR. Public subnets can have resources with public IPs reachable from the internet. Private subnets cannot receive inbound internet traffic. **Gateways:** - **Internet Gateway (IGW)**: enables public subnet resources to communicate with the internet - **NAT Gateway**: enables private subnet resources to initiate outbound internet connections (no inbound) - **Service Gateway**: private path from a VCN to OCI services (Object Storage, etc.) without using the internet **Security Lists:** Firewall rules at the subnet level. Define allowed inbound and outbound traffic by IP protocol, port, and CIDR. ### Storage **Block Volume:** Persistent network-attached block storage. Attach to compute instances as additional disks. Choose performance tier based on IOPS/throughput requirements. **Object Storage:** Highly scalable, durable storage for unstructured data (files, backups, images, logs). Organized into **buckets** containing **objects**. Supports three storage tiers: - **Standard**: frequent access, immediate retrieval - **Infrequent Access**: less frequent access, lower cost per GB - **Archive**: long-term cold storage, retrieval takes up to 1 hour **File Storage (FSS):** NFS shared file system. Multiple instances can mount and read/write simultaneously. Use for shared application data. 💡 **Exam Tip:** Know when to use each storage type. Block Volume = OS disk, database storage. Object Storage = unstructured data, backups, web content. File Storage = shared file access from multiple instances (NFS). ### Database Services **Autonomous Transaction Processing (ATP):** Managed Oracle Database optimized for OLTP (transactional) workloads. Oracle handles all DBA tasks. **Autonomous Data Warehouse (ADW):** Managed Oracle Database optimized for analytics. Auto-tuning for analytical queries. **Both ATP and ADW are part of Autonomous Database.** The difference is the workload type they are optimized for. **Autonomous Database key features:** - Self-driving: automatically tunes, patches, and backs up - Self-securing: automatic encryption, threat detection - Self-repairing: automatic failover and recovery - Available in serverless (shared Exadata) and dedicated (private Exadata) deployment models --- ## Domain 3: Security Services ### OCI IAM: Users, Groups, Policies, Compartments **Users:** Individual identities in OCI. Each user has credentials (password for console, API keys for programmatic access). Users belong to Groups. **Groups:** Collections of users. Permissions are granted to Groups, not individual users. Best practice: create functional groups (e.g., "NetworkAdmins", "StorageReaders") and assign users as needed. **Policies:** Rules that grant Groups permission to perform actions on OCI resources. Written in human-readable format: ``` Allow group NetworkAdmins to manage virtual-network-family in compartment Network ``` **Compartments:** Logical containers that organize OCI resources. Every resource lives in a compartment. Compartments enable: - **Access control**: policies grant access to resources in a specific compartment - **Cost tracking**: view costs by compartment in cost analysis tools - **Resource isolation**: keep development and production resources separate The root compartment (tenancy) is the top of the hierarchy. All compartments are nested within the tenancy. ### OCI Security Services Overview **OCI Vault:** Managed service for encryption keys and secrets. Store database passwords, API keys, and data encryption keys. Keys are used by OCI services to encrypt data at rest. **Cloud Guard:** Security posture management. Continuously monitors your OCI tenancy for configuration weaknesses, threat indicators, and policy violations. Uses Detectors (identify problems) and Responders (fix problems manually or automatically). **Security Advisor:** Guided workflows for implementing security best practices. Helps configure security settings correctly without deep security expertise. **OCI Bastion:** Managed SSH jump service. Access private compute instances without exposing them to the internet. Sessions are time-limited and audited. **Web Application Firewall (WAF):** Protect public-facing web applications from common attacks (SQL injection, XSS, OWASP Top 10). Integrates with OCI Load Balancer. --- ## Domain 4: Governance and Administration ### Budgets and Cost Management **Budgets:** Set spending alerts. Define a budget for a compartment or the tenancy. Receive notifications when actual or forecast spending exceeds the budget threshold. **Cost Analysis:** View OCI spending broken down by service, compartment, tag, or time period. Helps identify cost drivers and optimize spending. **Usage Reports:** Detailed hourly reports of all OCI resource usage, stored in an Object Storage bucket. Used for custom billing analysis and showback/chargeback. ### Tagging **Free-form tags:** Simple key-value pairs you define ad hoc (e.g., `project: ecommerce`, `environment: prod`). No pre-defined schema required. **Defined tags:** Tags defined in a **tag namespace** with controlled keys and optional value validation. Example: namespace `Operations`, key `env`, allowed values: `dev`, `staging`, `prod`. Useful for enforcing consistent tagging across teams. Tags can be used to: - Filter resources in the console - Write IAM policies with tag conditions - Allocate costs by tag in Cost Analysis ### Organization Tenancy (OCI Organizations) OCI allows multiple tenancies to be grouped into an **Organization**. Features: - **Centralized billing**: consolidated invoicing across all child tenancies - **Governance policies**: apply governance rules across all tenancies from the parent - **Cross-tenancy access**: administrators in the parent can access child tenancies This is relevant for enterprises managing multiple OCI tenancies for different business units or environments. ### MFA (Multi-Factor Authentication) OCI supports MFA for console access. Administrators can enforce MFA for specific users or all users via Authentication Policy. For administrator accounts, MFA should always be enforced. IAM policies can include conditions requiring MFA: ``` Allow group Administrators to manage all-resources in tenancy where request.user.mfaTotpVerified = 'true' ``` This restricts admin actions to only users who have completed MFA authentication in their current session. --- ## 3-Week Study Plan ### Week 1: Getting Started + Core Services - Read about OCI regions, ADs, FDs, and understand the difference between AD-local and regional resources - Study Always Free vs. Free Trial — know the exact resource limits - Study compute shapes: VM, BM, flexible shapes - Study VCN basics: subnets, gateways (IGW, NAT, Service) - Study storage types: block, object, file — know when to use each - Complete Oracle University's free OCI Foundations learning path (Modules 1-2) ### Week 2: Security + Governance - Study IAM: users, groups, policies (syntax and examples), compartments - Study OCI security services: Vault, Cloud Guard, Bastion, WAF - Study governance: budgets, Cost Analysis, tagging (free-form vs. defined) - Complete Oracle University's OCI Foundations learning path (Modules 3-4) - Take a 20-question practice quiz on Domains 3 and 4 ### Week 3: Practice Exams + Review - Take 2 full 60-question practice exams under 85-minute time limits - Review every wrong answer carefully - Focus additional review on any domain scoring below 65% - Re-read sections on IAM policies (commonly tested with tricky scenarios) - Take a final 60-question practice exam --- ## Top Tips for Exam Day 1. **IAM policy syntax is tested** — memorize the structure: `Allow group X to verb resource-type in compartment Y` 2. **Always Free vs. Free Trial** is a classic trap — Always Free resources never expire; Free Trial is $300 for 30 days 3. **Regional vs. AD-local resources** — load balancers and subnets are regional; compute instances and block volumes are AD-local 4. **Storage tier selection** — Archive requires a restore step; Infrequent Access has a minimum retention period; Standard is immediate 5. **Cloud Guard vs. Security Advisor** — Cloud Guard monitors and responds to problems; Security Advisor provides guided workflows for setting up security correctly --- ## Start Practicing Today The OCI Foundations exam rewards candidates who practice with exam-format questions. Recognizing the style of Oracle's questions makes a real difference on exam day. Our [Oracle OCI Foundations (1Z0-1085-25) Practice Exam](/exams/oracle-cloud-infrastructure-foundations-1z0-1085-25-340-questions) includes 340 questions covering all four domains with detailed explanations. Take your first practice test and find out exactly where to focus your remaining study time.